Warning: Anthropic "Gift Max" Exploit cost me €800, tanked my SCHUFA score, and got me banned.

Unauthorized 'Gift Max' charges bypass 2FA and 3-D Secure—then Anthropic bans the victim.

Deep Dive

A German data science student is sounding the alarm after an Anthropic billing exploit drained over €800 from their account, crippled their credit score, and got them banned for reporting it. On April 27th, unauthorized purchases of 'Gift Max 20X' (€214.20 each) and 'Gift Max 5X' (€107.10 each) hit their account despite 2FA being active. The attacker bypassed both MFA and 3-D Secure authentication, instantly generating and redeeming gift codes before the victim could even see the email notifications. This is not an isolated incident: GitHub issues #51404, #51168, #41499, and #47290 document a recurring pattern where hackers exploit Anthropic's gift-billing pipeline to drain saved cards without triggering standard payment safeguards.

Because over €800 was siphoned from their account, the student's subsequent direct debits for a train pass, internet, and utilities all failed. In Germany, multiple failed Lastschrift payments can instantly tank a person's SCHUFA credit score—a critical metric for renting apartments, getting phone contracts, or even securing a job. When the student sent a professional email with a police report number (Strafanzeige) and links to the GitHub evidence, Anthropic's response was not a refund or a security fix but an outright account ban. They lost access to all work-in-progress projects, research, and data science chats. The incident reveals a gap between Anthropic's constitutional AI marketing and the reality of its fintech security, and the student plans to cite this case in future work with German government and private sector clients.

Key Points
  • Unauthorized charges of €214.20 (Gift Max 20X) and €107.10 (Gift Max 5X) bypassed 2FA and 3-D Secure on an Anthropic account.
  • Known pattern documented on GitHub issues #51404, #51168, #41499, #47290—attackers exploit gift-code generation and redemption pipelines.
  • Victim filed a police report and shared evidence; Anthropic banned the account without issuing a refund, and the unrefunded charges caused failed direct debits that destroyed the user's SCHUFA credit score.

Why It Matters

Anthropic's billing security failures can destroy users' financial standing—and silencing victims undermines trust in even well-funded AI firms.